1. Field of the Invention
The present invention relates to a system and method for real-time malware detection based on a web browser plugin.
2. Background of the Invention
Recently, intelligent cyber attacks (APT, Advanced Persistent Threat) distribute malware through e-mail, web articles, scripts and the like by exploiting vulnerabilities of a system or application, or carry out application-level attacks such as stealing identification information or confidential data of individuals and companies through malicious web redirects.
FIG. 1 is a diagram showing an example of an intelligent cyber attack. FIG. 1 shows a network system in which a plurality of host devices 10 and network connection devices (router 20) are connected through wired and wireless networks.
FIG. 1 shows the case in which an attacker 30 carries out a cyber attack through an intermediate host (attack system 40). That is, the position of the attack system 40 differs from the position of the attacker 30 who is actually attempting the hack. Although FIG. 1 shows the attacker 30 going through one attack system 40, the attacker 30 may go through multiple other systems.
In a security system in which a tracking module is installed at a position capable of monitoring network packets, or in which communication connections are monitored in order to detect malware, it is impossible to track the actual location of an attacker 30 who goes through multiple systems when the attacker 30 passes through network equipment such as a router 20 or an Internet Service Provider (ISP).
In particular, in intelligent cyber attacks, data is transmitted to and received from intermediate hosts at the application level. If the attack passes through a connection chain, it cannot be tracked at the network layer. In recent years, mobile-based cyber attacks have also increased.
In addition, recent intelligent cyber attacks are exhaustively prepared and planned over a long period, and they continuously attack a certain target for a specific purpose. Victims are not aware of the infection, and the attacks are difficult to detect with existing security tools.
Accordingly, a method is required that detects the above intelligent cyber attacks at the application level in real time and enables effective security.